[fix] SecurityContextHolder 관련 수정

src/main/java/com/example/taskqueue/config/WebMvcConfig.java

@@ -8,15 +8,17 @@
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import javax.servlet.http.HttpSession;
 import java.util.List;
 
 @Configuration
 @RequiredArgsConstructor
 public class WebMvcConfig implements WebMvcConfigurer {
     private final UserRepository userRepository;
+    private final HttpSession httpSession;
     @Override
     public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
-        argumentResolvers.add(new CurrentUserArgumentResolver(userRepository));
+        argumentResolvers.add(new CurrentUserArgumentResolver(userRepository,httpSession));
     }
     @Override
     public void addCorsMappings(CorsRegistry registry) {

src/main/java/com/example/taskqueue/oauth/currentUser/CurrentUserArgumentResolver.java

@@ -1,6 +1,7 @@
 package com.example.taskqueue.oauth.currentUser;
 
 import com.example.taskqueue.common.annotation.CurrentUser;
+import com.example.taskqueue.oauth.dto.SessionUser;
 import com.example.taskqueue.user.entity.User;
 import com.example.taskqueue.user.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
@@ -13,12 +14,14 @@
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
+import javax.servlet.http.HttpSession;
 import java.util.Optional;
 
 @RequiredArgsConstructor
 @Slf4j
 public class CurrentUserArgumentResolver implements HandlerMethodArgumentResolver {
     private final UserRepository userRepository;
+    private final HttpSession httpSession;
     @Override
     public boolean supportsParameter(MethodParameter parameter) {
         return parameter.getParameterAnnotation(CurrentUser.class) != null;// &&
@@ -30,10 +33,9 @@ public Object resolveArgument(MethodParameter parameter,
                                   ModelAndViewContainer mavContainer,
                                   NativeWebRequest webRequest,
                                   WebDataBinderFactory binderFactory) throws Exception {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        System.out.println("authentication = " + authentication.getPrincipal());
-        Optional<User> findUser = userRepository.findByEmail(authentication.getName());
-        //System.out.println("findUser = " + findUser.get().toString());
+        SessionUser user = (SessionUser) httpSession.getAttribute("user");
+        Optional<User> findUser = userRepository.findByEmail(user.getEmail());
+        System.out.println("findUser = " + findUser.get().toString());
         if (findUser.isPresent() && findUser.get().getRefreshToken()!=null) {
             //DB에 사용자가 있고 refresh token이 있다면(로그인 된 상태)
             return findUser.get();

src/main/java/com/example/taskqueue/oauth/dto/SessionUser.java

@@ -0,0 +1,14 @@
+package com.example.taskqueue.oauth.dto;
+
+import com.example.taskqueue.oauth.CustomOAuth2User;
+import lombok.Getter;
+
+@Getter
+public class SessionUser {
+    private String name;
+    private String email;
+    public SessionUser(CustomOAuth2User oAuth2User) {
+        this.name = oAuth2User.getName();
+        this.email = oAuth2User.getEmail();
+    }
+}

src/main/java/com/example/taskqueue/oauth/handler/OAuth2LoginSuccessHandler.java

@@ -4,6 +4,7 @@
 import com.example.taskqueue.exception.jwt.JwtErrorCode;
 import com.example.taskqueue.exception.notfound.config.ResourceNotFoundErrorCode;
 import com.example.taskqueue.oauth.CustomOAuth2User;
+import com.example.taskqueue.oauth.dto.SessionUser;
 import com.example.taskqueue.oauth.jwt.JwtService;
 import com.example.taskqueue.security.ResponseUtils;
 import com.example.taskqueue.user.entity.Role;
@@ -22,6 +23,7 @@
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.util.Optional;
 
@@ -32,19 +34,16 @@ public class OAuth2LoginSuccessHandler implements AuthenticationSuccessHandler {
 
     private final JwtService jwtService;
     private final ResponseUtils responseUtils;
-    private final UserRepository userRepository;
+    private final HttpSession httpSession;
     private final UserService userService;
 
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
         try {
             log.info("OAuth2 Login 성공!");
-            SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
-            SecurityContext context = SecurityContextHolder.createEmptyContext();
-            context.setAuthentication(authentication);
-            SecurityContextHolder.setContext(context);
-
             CustomOAuth2User oAuth2User = (CustomOAuth2User) authentication.getPrincipal();
+            httpSession.setAttribute("user",new SessionUser(oAuth2User));
+            SessionUser user = (SessionUser) httpSession.getAttribute("user");
             System.out.println("oAuth2User = " + oAuth2User.toString());
             loginSuccess(response,oAuth2User);
         } catch (Exception e) {